All speeches are
being added on-line for free to better help the security community.
The speeches are in quarter screen size to save on space, and encoded using
the 2-Pass and variable bit encoding options.

To view them you
must have RealPlayer 7 to support the SureStream technology. In making
these speeches available I have encoded them at bitrates from 56k to DSL
for maximum quality. If you find broken links or have questions please
contact Jeff
Moss.

Computer security is one
of those topics that most Novell NetWare system administrators think is
something their Unix (and more recently Microsoft NT) administrator counterparts
have to worry about. While those involved in security circles have known
otherwise for years, Novell is making leaps and bounds into a more open
world of web servers, NetWare/IP, and other connectivity to public networks,
and it has become very important to consider all aspects of the security
of Novell's products.

Novell has also been less
than forthcoming regarding security patches for vulnerabilities in their
products, and often release security patches as a part of regular maintenance
patches without communicating the nature of the original security problem
and the importance behind loading the latest patch. Due to some fairly
high profile security exploits that have recently surfaced (including some
I have helped author), Novell is slowly beginning to address security in
a more proactive way. But they, like most other large commercial software
producers, have a long way to go.

Therefore it is important
to learn exactly how NetWare servers can be compromised, how easy it is
to gain access to the tools to perform intrusions, how the tools work,
and how easy it is to patch most holes. It is also important to understand
not only the nature of the attacks, but also the nature of potential attackers.

I have
been asked why I go by the name "Simple Nomad". The main reason is that
my very understanding Fortune 100 employer cares little about what I do
outside of work, as long as I leave them out of it. To help keep this agreement,
I remain Simple Nomad, a name off of a Ouija board session.

Many
of my projects and papers are written from the perspective of the unwanted
intruder. Why? Because it is simply much more interesting. I remember a
movie where some girl didn't like the bank robbers and muggers, but was
fascinated with the forger. She felt the forger was an "artist". I guess
I see the hacker as an artist to a degree. It's the same mentality that
gets us to watch spy movies, and movies about those "rebel" cops who break
a few rules to get the job done. Next time you're watching one of those
movies or TV shows notice how many times either a law is broken or a civil
liberty is stepped on "for the greater good". And remember hackers are
no different. They just get the bad press.

Firewalls seem to be everywhere
these days, and few are getting more attention that the "new breed" of
network firewall appliances. With claims ranging from "plug and play" to
"zero maintenance" these new network black boxes seem to be the answer
to a network administrator's dreams. However, as usual, all is not as it
appears... Tune in for a comprehensive review of these security appliances
including a feature by feature examination, an overview of vendor claims,
and the results of our real world tests of nearly two dozen of these devices.

Brent
Huston is an information security consultant who specializes in penetration
testing and incident response. He has provided services to Fortune 500
clients since 1992 and has an extensive background in electronic commerce.
He is currently the president and CEO of MicroSolved, Inc.

MicroSolved,
Inc. is an information security consulting company located in Columbus,
Ohio. MicroSolved provides penetration testing, security policy, and incident
response services to many clients of varying size.

This will be a cross-platform
hack demonstration taking everyone over a router, through a firewall and
into the corporate jewels. The demonstration setup will use 6 NT-Unix
hosts, one router and one firewall. Three to four video projectors
will help walk everyone through each node in the attack.

Methods will be presented
which an attacker may use to circumvent traditional security models or
exploit common security misconfigurations in a DMZ-Firewall environment.
Specific attacks will be demonstrated in a mixed Unix Ų NT environment,
including:

Several intrusion detection
systems will be running in default configurations to detect these attacks
(yeah, right). After demonstrating the cross-platform hack through
the router and firewall to the internal network, we will spend the balance
of the presentation discussing mechanisms that can be used to help deter
these types of attacks.

Eric
Schultze is a Senior Manager in the Information Security Services practice
of Ernst ? Young. Based out of Seattle, Washington, he is a national
resource and serves as the firm‚s subject matter expert for securing Windows
NT and Microsoft BackOffice applications. Eric has over 8 years of experience
in information systems and security.

While
at Ernst ? Young, Mr. Schultze has developed the service line, tools, and
audit methodologies for HackNT, AuditNT, SecureNT and TrainNT.
He has presented the NT Attack and Penetration methodology for numerous
clients, internal training seminars, CSI 98, and NetSec 99. Portions of
his HackNT methodology were featured in a July 1998 issue of InfoWorld
Magazine. Mr. Schultze is an instructor in Ernst ? Young‚s „Extreme
Hacking: Defending Your Siteš training class - featured in the March 22,
1999 issue of TIME magazine.

His
former experiences include serving as the Manager of Information Services
for Beall's Department Stores where he managed their AS/400 and Windows
NT environments and directed the implementation of their retail Internet
presence. Prior to joining Ernst ? Young, Mr. Schultze served as
a Manager and a lead NT security specialist at Price Waterhouse, where
he co-developed their Windows NT Attack and Penetration methodology.
Mr. Schultze began his career working at Salomon Brothers where he performed
financial and technology audits. He holds BA degrees in Psychology and
Sociology from Amherst College.

George
Kurtz is a Senior Manager in the Information Security Services practice
of Ernst ? Young and serves as the Attack and Penetration leader within
the Profiling service line. Mr. Kurtz has performed dozens of firewall,
network, and Web server penetration studies / security reviews throughout
his security consulting career. Mr. Kurtz has experience with designing
firewall architectures and in evaluating various platforms and technologies
from an audit, control, and data security perspective including: firewalls,
routers, web servers, intrusion detection systems, and various Unix and
NT operating systems.

Mr.
Kurtz has spoken at numerous industry events, and has been quoted by: the
Wall Street Journal, USA Today, Associated Press, Communications Week,
InfoWorld, PC Week, Bergen Record, C|net On-line, and Accounting
Today. He has also published several works including The art of Attack
and Penetration, Sys Admin (March and April 1999) ? Diary of a Tiger Team,
Information Security News (1995), and featured in a chapter of Corporate
Espionage by Ira Winkler.

This talk will address the
issue of auditing an NT box after a break in. Specifically, we will examine
the evidence left behind by an intruder and how to preserve this evidence
for criminal prosecution. NT's built in tools are not sufficient and can
damage what you are looking for. I will present a tutorial on using a few
free tools I have made specifically for this purpose.

The demonstration will make
use of multiple overheads displaying the auditing notes and actual
step by step details of a break in. Details will include:

Again, the focus will be on
looking at this data in a non-destructive manner. Hope to see you
there.

JD
Glaser is CEO of NT OBJECTives,
Inc., a maker of security audit tools for Windows NT. Most notably, NTLast
and Forensic Toolkit, which are free tools for the security community.
He is an MCSE/MCSD that specializes in contract DCOM programming and NT
network security. Clients have included, Intel, HP, Columbia Sportsware
and Tripwire. Latest projects have involved NTFS file system code for Tripwire
for NT and file system filters for real-time detection systems for NT that
bypass NT's untrusted API.

Many sites believe that the
only external threats to their network come from unsophisticated script
kids or well funded corporate espionage projects. This problem is compounded
by the underestimation of the former, and the belief that their organization
is not of interest to the latter.

The reality is that the stakes
are raised substantially if the company in question is publicly traded.
By allowing any investor with a computer and an online trading account
to have a vested interest in their share price, the status and information
contained on their network acquires the speculative value of whatever capital
an attacker would invest in the company.

With this motive established,
we can examine some new threats and some existing threats in a new context.
With the proliferation of online trading, new financial incentives exist
for even the least sophisticated attacker to violate your network. [FUD]

This paper will deal with
technical security issues affecting Internet transit points and providers,
including the following points:

Security issues with the BGP4
protocol.

A brief overview of how the
protocol operates and its function. Exploitable features of the protocol.

What damage can be done. Historical
examples of catastrophic mis-configuration. Scale of interruption.

Brief overview of BGP communities
and their use in directing traffic. Network providers that charge based
upon measured traffic will be affected by this.

Using IP spoofing to send false
UPDATE messages. How does it work? What implementations are vulnerable?

Misconfigured ingress and egress
filters make the task of inserting bogus routing information into an AS's
tables is simplified by this mistake.

Vendors that implement authentication
in BGP4.

Password authentication of BGP
sessions will prevent some attacks. Not all vendors implement this and
will be vulnerable to attack.

Brief case study and architecture
of an attack against a misconfigured network through the use of route spoofing
.

'batz'
works for an international backbone provider as a network analyst. He is
also a security consultant who does not talk about who he has worked for.

Peter Shipley, KPGM and Tom
Jackiewicz,

Security issues with implementing and deploying
the LDAP directory system.

The popularity of LDAP is
increasing and is thus resulting in it's rapidly replacing NIS, Radius
and tacacs and other authentication services. Unfortunately,
as will most new technologies, many site are failing to instigate proper
security measures when deploying this new technology.

Common errors and assumptions
will me discussed as well as techniques used by network intruders to compromise
LDAP servers and related systems and harvest data.

Peter
Shipley Is an consultant in the San Francisco's Bay Area with over
thirteen years experience n the Computer Security field.Currently
working for KPMG LLP. out of the San Jose/Silicon Valley office with the
title of "Chief Security Officer". Mr. Shipley is one of the few
individuals who is well known and respected in the professional world as
well as the underground/hacker community. He has extensive experience in
system and network security as well as programming and project design.
Mr. Shipley past accomplishments include first in depth research into the
security aspects of wardialing, designing and implanting the first automated
network security scanner, among other accomplishments.

Mr.
Shipley's specialties are third party penetration testing and firewall
review, computer risk assessment, and security training. Mr. Shipley
also performs post-intrusion analysis as well as expert witness testimony.

Tom
wants to be sitting in the bathtub of my suite at Mandarin Oriental after
watching my super model girlfriend give new insight into number theory
in front of everyone at Berkeley. He wants to be driving a 900 series BMW,
wearing an Armani suit and GUCCI loafers while talking to his broker on
his cellular phone. And while he's doing that, he wants to think
of all the great projects that he has been involved with during my career.

Dominique Brezinski - Building
a Forensic Toolkit That Will Protect You From Evil Influences

When responding to computer
security incidents, you will invariably have to work on compromised hosts.
Check to see if the interface is in promiscuous mode, what processes are
running, and if anything interesting has been left in /tmp. You will
be making bit-for-bit copies of hard drives and shutting down the system.
And you want to do all these operations safely and without compromising
the integrity of evidence. So, you are going to use "known good"
copies of all the utilities that you have so carefully placed on a floppy
or CD-ROM. But does this really protect you or the evidence from
little nasties that the bad guy may have left behind? No.

This presentation will focus
on the subtle and technical aspects of operating in a hostile computing
environment. We will go over how to create a reasonably secure environment
for doing forensic analysis of a running compromised system and what utilities
you will most likely need. Solaris and Windows NT will be used as
the demonstration environments.

Cryptography
and certification are considered necessary Internet features and must be
used together, for example in e-commerce. This work deals with certification
issues and reviews the three most common methods in use today, which are
based on X.509 Certificates and Certification Authorities (CAs), PGP and,
SKIP. These methods are respectively classified as directory, referral
and collaborative based. For two parties in a dialogue the three
methods are further classified as extrinsic, because they depend on references
which are outside the scope of the dialogue. A series of conceptual, legal
and implementation flaws are catalogued for each case, emphasizing X.509
and CAs, which helps to provide users with safety guidelines to be used
when resolving certification issues. Governmental initiatives introducing
Internet regulations on certification, such as by TTP, are also discussed
with their pros and cons regarding security and privacy. Throughout,
the paper stresses the basic paradox of security versus privacy when dealing
with extrinsic certification systems, whether with X.509 or in combination
with PGP. This paper has benefited from the feedback of the Internet community
and its expanded on-line version has received more than 50,000 Internet
visitors from more than 20,000 unique Internet sites, in 1997/98.

Ed
Gerck received his Doctorate in Physics from the Ludwig-Maximilians-Universitaet
and the Max-Planck-Institut fuer Quantenoptik, in Munich, Germany, 1983,
with the maximum grade ("sehr gut"). Since 1986 he has been active as a
consultant and developer in the field of security and cryptography, for
government agencies and international companies based in Brazil, the US
and other countries. He is the founder and President of Novaware ISEC,
developer of Holocomm encoding and other innovative communication and security
software, such as the one-floppy WWW browser and e-mail agent WebBoy UMC
in collaboration with IBM Japan. He is also the founder and current Coordinator
of the Meta-Certificate Group - MCG, an open international non-profit
group active in the field of Internet security and certification standards
development, with participants from 28 countries. Ed Gerck has been appointed
in 1999 to the NSI's RAB -- Registry Advisory Board of Network Solutions,
Inc., Herndon, VA, US. Dr. Gerck's most recent papers can be found
at the MCG site.

VPN continues to be a complex
subject due to the multitude of products and protocols. However, taking
enterprise security concerns a step further, how many VPN systems integrate
with a native authorization and access control system?

After concluding with a short-list
of requirements including protocols and applications, I will introduce
the enterprise security domains. I will demonstrate the differences between
planning for Branch Office VPN (BOVPN) and planning for Remote User VPN
(RUVPN).

Overall, VPN solutions may
include more components than simply the VPN products. First, in order to
guarantee certain performance, customers may negotiate agreements with
service providers. The architecture of the resulting VPN will then determine
whether the contracted QoS can be realized. Secondly are concerns over
enterprise security systems. How should the VPN be deployed with respect
to a firewall? Should certain internal systems or LANs be inaccessible
from a remote connection? How can the security administrator monitor the
traffic? What are the best architectures for use in different environments?

These questions each imply
a discussion in the given area. I will treat the area of firewall/VPN integration
very carefully and then extrapolate those principles to the use of IDS
systems. The second major area of security that will be covered is auditing.
The ability to audit and manage VPN usage will be discussed in the context
of the various architectures.

David
Bovee is a Network Security Engineer for INS. David focuses on work involving
large network security design and implementation projects. An experienced
and senior systems and network administrator, David is also an active writer
and public speaker. He has co-authored articles on Windows NT, NT Security
and Virtual Private Networks in conjunction with SANS. In 1999, David will
publish a book with Macmillan Technical Publishing on VPNs focused on the
requirements, architecture, and protocols. He also gives frequent technology
seminars on various topics related to network and Internet security.

This session will address
the techniques used to investigate network-based intrusions, especially
those originating from the public Internet. Emphasis will be on techniques
that provide an acceptable chain of evidence for use by law enforcement
or in anticipation of civil litigation. We will cover back-tracing,
forensic tools, end-to-end tracing and evidence collection and preservation
as well as the forensic use of RMON2-based tools for documenting the path
of an attack.

Peter
Stephenson is a well-known writer, consultant and lecturer with an international
reputation in large scale computer networks and information protection.
He has lectured extensively on network planning, implementation, technology
and security. He has written or co-authored 14 books (including foreign
language translations) and several hundred articles in major national and
international trade publications. He is the principle consultant for InfoSEC
Technologies division of Sanda International Corp.

Mr.
Stephenson has participated in investigations of computer system intrusions,
Internet misuse and abuse and has performed forensic analysis of computer
disk drives as well as backtracing analysis of intrusions coming from the
Internet. He has used forensic techniques to recover lost data from computer
disk drives.

Stephenson
is a member of the Information Systems Audit and Control Association (ISACA),
the Information Systems Security Association (ISSA) and the High Technology
Crime Investigation Association (HTCIA). He provides volunteer assistance
on request to the Michigan State Police and other law enforcement agencies.

Rooster

Secure DNS solutions

This talk will discuss the
many security issues with DNS and what is being done to protect this vital
infrastructure. Many standards have come out of the IETF recently
that address the security problems that has always plagued DNS, and we
will look at the standards themselves and then how they are being implemented.

DNS could probably be considered
one of the most important infrastructure services on the Internet.
Amazingly, in its current form, DNS is one of the most vulnerable for attack.
A well thought out DNS attack could completely take a domain off the net,
or just redirect them to someplace unintended.

Rooster
is a Network Engineer on one of the largest Non ISP networks around.
His primary focus is on DNS and routing.

Firewalking uses a traceroute-like
IP packet analysis to determine whether or not a particular packet can
pass from the attacker's host to a destination host through a packet-filtering
device. This technique can be used to map 'open' or 'pass through'
ports on a gateway. More over, it can determine whether packets with
various control information can pass through a given gateway. Also,
using this technique, an attacker can map routers behind a packet-filtering
device.

Mike
Schiffman has lectured across the country and overseas to technical and
management audiences on network vulnerabilities, auditing and Internet
penetration techniques. While at Cambridge Technology Partners, as
senior security architect, he along with David Goldsmith developed "firewalk",
a new technique for scanning packet forwarding devices and mapping networks.
Some of hisaudit
and penetration test clients include multinational financial and industrial
institutions, television studios and fine German automobile corporations.

He
has also been a principal instructor for New Dimensions International on
various network security topics. The clients and class participants
have included the NSA, FBI, CIA, members of the defense and space industry,
NASA as well as various members of the commercial industry.

Mike
is currently a senior security consultant with Internet Security Systems
and is an associate faculty member for NDI. In his spare time he
publishes and writes articles for a hobbyist computer security journal.

Many network managers ignore
the single biggest weapon they have against hackers: the home court advantage.
Intimate knowledge of one's own system and network is a huge advantage
in building intrusion detection systems for networks, web sites, and fire
walls. In this talk, I'll outline a couple of fun tricks that can
be useful in defending your systems.

Marcus
Ranum is CEO of Network Flight Recorder, Inc., and has been specializing
in Internet security since he built the first commercial firewall product
in 1989. He has acted as chief architect and implementor of several other
notable security systems including the TIS firewall tool kit, TIS Gauntlet
firewall, whitehouse.gov, and the Network Flight Recorder. Marcus frequently
lectures on Internet security issues, and is co-author of the "Web Site
Security Source book" with Avi Rubin and Dan Geer, published by John Wiley
and sons.

From encryption to digital
signatures to electronic commerce to secure voting--cryptography has become
the enabling technology that allows us to take existing business and social
constructs and move them to computer networks. But a lot of cryptography
is bad, and the problem with bad cryptography is that it looks just like
good cryptography; most people cannot tell the difference. Security
is a chain: only as strong as the weakest link. In this talk I'll
examine some of the common mistakes companies make implementing cryptography,
and give tips on how to avoid them.

BRUCE
SCHNEIER is president of Counterpane Systems, the author of Applied Cryptography,
and an inventor of the Blowfish, Twofish, and Yarrow algorithms.
He serves on the board of the International Association for Cryptologic
Research, EPIC, and VTW. He is a contributing editor to Dr. Dobb's
Journal, and a frequent writer and lecturer on cryptography.

Last year saw the boom of
commercial "security scanners", the very same technology that Dan Farmer
was fired for writing over 5 years ago. If you believe the propaganda,
these scanners will seem to take you to "security nirvana". However,
scanners not only fail to enforce security policy, they encourage bad policy.
The applications themselves are full of shortcomings, from false positives
to blatant oversights. The market is driven by coverage, resulting
in inaccurate tests based on flawed assumptions. If you scan and
repair your network with such a scanner, you are no more secure than when
you started.

Greg
Hoglund is a software engineer and researcher. His most notable achievement
was the creation of the Asmodeus Security Scanner, a Windows NT based port
scanner and ethernet sniffer, which he later sold to Webtrends, Corp.
Additionally, Hoglund has written several white papers on content based
attacks, kernel patching, and forensics. He currently works as a
researcher for Tripwire Security Systems, exploring forensics issues.

Sarah Gordon, IBM Research Center.

Viruses in the Information Age

Understanding how the virus
writers operate, how they perceive their world and the world around them,
and how they think is an integral part of addressing the problem of computer
viruses. Avoiding the often dangerous over generalization into some homogenous
group, an examination of various motivations and technical abilities is
presented. Trends in the virus writing communities will be explored.
Future threats will be considered and possible solutions presented.

The presentation will include
actual case studies selected from the following populations:(1) adolescents(2) college students(3) adult/professionally
employed(4) ex-virus writers

Sarah
Gordon graduated from Indiana University with special projects in both
UNIX system security and ethical issues in technology. She currently works
with the anti-virus science and technology R?D team at IBM Thomas J. Watson
Research Center. Her current research projects include development of certification
standards, test criteria, and testing models. She has been featured in
publications such as Forbes, IEEE Monitor and The Wall Street Journal,
and is published regularly in publications such as Computer and Security
and Network Security Advisor. She has won several awards for her work in
various aspects of computing technology, and volunteers in an advisory
capacity to Virus Bulletin, The WildList Organization, and The European
Institute for Computer Antivirus Research.

There is currently a great
deal of hype surrounding the tremendous growth and potential of e-commerce.
Many companies get on the bandwagon with the hope that providing an e-commerce
front end will boost sales and, more importantly, increase the value of
the company. Researchers, ever sensitive to the need to be on the leading
edge to garner resources, are building e-commerce applications of technologies
ranging from secure billing systems for on-line transactions to intelligent
agents for business-to-business transactions. In this talk I will discuss
the current state of e-commerce and focus on the threats and challenges
associated with these emerging e-commerce technologies.

Larry
Korba is a Senior Research Officer in the Network Computing Group of the
Institute for Information Technology, National
Research Council of Canada. His current areas of research include:
development of e-commerce technologies, Distributed Security applications
in the area of Network Management (including wireless LANs), and Intelligent
Agent development. Larry has published over 70 scientific and technical
papers.

Jeremy Rauch,

How responsive are vendors to security
problems when they aren't being pressured by someone threatening to go
public?

Hundreds, if not thousands,
of machines are unnecesarily compromised each day. But most of these
breakins could have been avoided if administrators had been aware of just
a single vulnerability - the one that affected them! How do these
administrators keep up with the plethora of security issues exposed every
week? Today, there are primarily three ways to discover these vulnerabilities:
vendor fixes and patches, security advisories published by one of the myriad
of groups (CERT, CIAC, etc), and full disclosure mailing lists such as
Bugtraq.

But how effective are each
of these methods? How responsive are vendors to security problems
when they aren't being pressured by someone threatening to go public?
Are the proponents of full disclosure helping to fix the problem, as they
believe, or are they creating more of a problem by divulging vulnerability
exploits before a fix is available?

We will analyze this issue
from all three perspectives, discussing both successes and failures of
each method, and discussing what steps we need to take to remedy the problem.
People have very strong feelings on this topic, and its sure to provoke
interesting discussion.

Jeremy
Rauch has been involved in discovering and researching security vulnerabilities
from a number of different perspectives. Working with vendors, he
has identified and helped fix over two dozen major security vulnerabilities.
Jeremy is currently a developer at one of the largest security vendors,
where part of his duties include the identification and reporting of security
risks. Jeremy is also one of the founders of Security Focus, Inc.
a centralized online security resource offering security news, products,
events, books, tools, and one of the most comprehensive vulnerability listing
on the net.

Security scanners such as
SATAN are poorly understood by almost everyone who has never written one.
Despite this lack of understanding, scanners are being widely sold, and
sometimes even deployed. This talk will focus on the details of how
scanners actually work in the field, and why the results they give range
from somewhat to very misleading.

Adam Shostack is Director of Security Technologies for Bindview Development. Mr Shostack is a leader in the design and development of BindView's HackerShield security scanner. He also serves on the board of the International Financial Cryptography Association, and has published papers on a variety of security topics.

As a security guy who has travelled
a bit, I've come to agree with a former counter espionage agent that "this
security stuff is all the same." From a security viewpoint,
there is little new about the Internet. The same security rules apply
to the Internet, castles, walls, and even the immune system. We will
explore a number of security lessons from many sources.

Bill
Cheswick logged into his first computer in 1969. Six years later,
he was graduated from Lehigh University with a degree that looked like
Computer Science.

Cheswick
has worked on (and against) operating system security for nearly 30 years.
He contracted for several years at Lehigh and the Naval Air Development
Center working on systems programming and communications. In 1978
he worked at the American Newspaper Publishers Association/Research Institute,
where he shared a patent for a hardware-based spelling checker, a device
clearly after its time.

For
the next nine years he worked for Systems and Computer Technology Corporation
at a variety of universities including Temple University, LaSalle College,
Harvard Business School, Manhattan College, NJIT, and several others.
Duties included system management, consulting,software development, communications
design and installation, PC evaluations, etc.

In
1987 (Morris minus 1) he joined Bell Laboratories as a Member of the Technical
Staff. Since then he has worked on firewalls, network security, PC
viruses, mailers, interactive science exhibits, and trash-picking in the
physics building. He co-authored the first full book on Internet
security in 1994, and has since toured the world giving talks and supplying
the media with sound bites. Infoweek called him "the sweet but feral
hacker-in-residence at Bell Labs."

Ches
continues as a science guy at Bell Labs. He latest work includes
a new edition of his book and long-term mapping of the Internet, which
is producing some really smashing posters. In his spare time he launches
rockets with his wife, tries to fly RC aircraft, and automates his home
(his doorbell announces visitors, his mailbox announces real mail, and
his phone announces callers.)

Ches's
favorite part of Las Vegas is the Hoover Dam.

Eugene Schultz, Contributing author,
Internet Security for Business

Security Issues with
configuring and maintaining an IIS 4 server

Dr.
Eugene Schultz, CISSP, is the Research Director and Trusted Security Advisor
with Global Integrity Corporation, a wholly-owned subsidiary of Science
Applications International Corporation (SAIC). In this role he conducts
research and consulting activities and provides strategic guidance to corporate
clients. He is also an Adjunct Professor in the Computer Science
Department at Purdue University in connection with his research activities.

An
expert in Windows NT, UNIX, and network security, Dr. Schultz is a member
of the faculty of the Computer Security Institute and SANS (System Administration
and Network Security). He has co-authored two books (UNIX:
Its Use, Control and Audit and Internet Security for Business) and over
80 published articles, and is a contributing editor to Network Security
in addition to being a member of IFIP Working Group 11.4 (Network Security)
and the SANS Board of Directors. His new book, Practical Windows
NT Security, will be released soon.

He
has received numerous professional awards, including the NASA Technical
Innovation Award, Best Paper Award for the National Information Systems
Security Conference, and Information Systems Security Association (ISSA)
Professional Contribution Award. He has served as Chair of the U.S.
Presidential Commission on Critical Infrastructure Protection Group on
Intrusion Detection and has also provided expert testimony for the U.S.
Senate.

Before
coming to Global Integrity, he was the Principal and Information Security
Practice Leader for SRI Consulting, where he also served as Program Manager
and Research Director for the I-4 (International Information Integrity
Institute) Program. Dr. Schultz was also previously a Principal Security
Engineer with ARCA Systems, the Project Manager and founder of the Department
of Energy's Computer Incident Advisory Capability (CIAC) at Lawrence Livermore
National Laboratory, and Group Leader at the Jet Propulsion Laboratory.
He holds a Ph.D. in Cognitive Science from Purdue University, where he
was a David Ross Fellow and member of the Honor Society of Phi Kappa Phi.

The good news: We have
a lot of security solutions today. The bad news: We have
a lot of security solutions today.

Selecting your systems security
solutions can be two of the most frustrating problem for security professionals
and management. Jim will provide the audience with a different way
to approach the problem of selecting the appropriate security solution.
He will show how to base your security solutions on your business requirements
first and security requirements second. Using real-world case studies
and life-lesson concepts (i.e., „PROFIT?lossš, „Secure Brick Theoryš, „Sailor-Proofš,
and „SNABš), he will demonstrate ways to determine what the most practical
security solution is and sell them to management and customers. Jim's
examples include solutions for financial, presidential, military, gaming
and electronic commerce operations. This presentation is for those
frustrated systems security professionals and managers.

Mr.
Litchko is a senior information systems security specialist with over twenty-five
years experience assessing and developing information system security (INFOSEC)
solutions for computer and network systems. Currently, he is General
Manager for Integrated Management Services, Inc. (IMSI). He has been
a senior executive for special projects and business development at the
two largest commercial INFOSEC companies, Secure Computing Corporation
and Trusted Information Systems, and the enterprise integrator, Telos,
all internationally known for advance INFOSEC R?D, consulting, and network
security products. During his twenty-year career as a Navy cryptologist,
he spent his first six years supporting operations on naval combatants
and air reconnaissance platforms in the Atlantic, Pacific, and European
theaters. Mr. Litchko‚s last five years in the Navy were in staff and technical
positions in the National Security Agencies (NSA) INFOSEC Directorate and
the National Computer Security center (NCSC). He retired in 1990
as the Staff Chief for the Director of the NCSC. In 1997, he conducted
the first security review of an Internet gaming site. Since 1988,
he has been an instructor for systems and network security for Johns Hopkins
University, MIS Training Institute and the National Cryptologic School.
He also provided INFOSEC presentations for Congressional staffs, Gartner
Group, Conference Board, Price Waterhouse, Exxon, Freddie Mac, National
Industrial Security Association, Computer Security Institute (CSI), National
Computer Security Association (NCSA), Defense Intelligence University,
and Armed Forces Communications and Electronic Association (AFCEA).
Mr. Litchko has chaired panels and provided INFOSEC presentations at national
and international conferences and executive conferences. He holds
a Masters degree in Information Systems from John Hopkins University and
a Bachelors degree in Industrial Technology from Ohio University.

As
Director, Mr. Hunker is responsible for bringing together an integrated
national plan for addressing physical and cyber threats to the nation's
communications and electronic systems, transportation, energy, banking
and financial, health and medical services, water supply, and key government
services. As Director, he also coordinates a national education and awareness
program, as well as develop legislative and public affairs initiatives.

Prior
to joining the office, he served as Deputy Assistant to the Secretary of
Commerce, where his responsibilities included issues relating to overall
economic policy development and initiatives, the integration of economic,
energy, and environmental issues, China and other developing countries,
and representing the Administration with key constituencies.

Dr.
Hunker brings both the government and private sector perspective to his
role as Director of the Critical Infrastructure Assurance Office. He was
Vice-President of Corporate Finance at Kidder, Peabody ? Co., Incorporated
in New York, where he specialized in capital raising and acquisition advisory
work for U.S. and European industrial firms. Previously, he was a consultant
and case leader at the Boston Consulting Group. He has an AB in Engineering
and Applied Physics (cum laude, Phi Beta Kappa) from Harvard College, and
a Doctorate in Business Administration from Harvard Business School, and
has written several articles and one book on topics of public policy and
corporate strategy.

Open Source Monitoring (OSM)
is becoming more of a necessity in today's electronic market. Today
one person can broadcast messages to millions of people using the Internet
and adversely represent the company he or she works for. These messages
may contain information, which could be used to exploit the security of
a corporate network or give away valuable information about a company.
Open Source Monitoring can help companies solve and rectify problems before
they become a more serious threat.

During this briefing you
will obtain information on what OSM is and is not, methodologies, different
types of examples for OSM and the pros and cons of outsourcing OSM.

Rob
Karas currently works for Para-Protect Services Inc. where he is a Senior
Computer Security Engineer. Specializing in penetration testing and
incident response, Rob has participated in investigations of computer system
intrusions and been called as an expert witness in judicial cases.
Recently he appeared on a NPR radio segment which show cased the security,
or lack of security found throughout the Internet and on corporate networks.
Rob has been involved with Open Source Monitoring, penetration testing,
certification and incident response work for the past 6 years.

Para-Protect
Services Inc. is one of the fastest growing security consulting companies.
We provide penetration testing, 24X7 incident response, Open Source Monitoring
and other security services. As our slogan says „Information Protection
around the clock, around the globeš Para-Protect, in its first six months
has provided security support throughout the US and Europe.

Jon David, Senior editor Computers
? Security.

Putting Intrusion Detection into Intrusion
Detection Systems

Most, if not all, activities
of present intrusion detection systems are involved with the detection
and reporting of attacks; worse, these are deflected attacks.
IDS devices are typically placed outside of perimeter defenses, and treat
only incoming traffic.

Jennifer Granick, Attorney at Law.

Forensic Issues in Hacker Prosecutions

Jennifer
Stisa Granick is a criminal defense attorney in San Francisco, California.
She defends people charged with computer related crimes, as well as other
offenses. Jennifer has been published in Wired and the Magazine for
the National Association of Criminal Defense Lawyers.

Teresa Lunt, Xerox Parc

Taxonomy of Intrusion Detection Systems

Teresa
F. Lunt is Principal Scientist at Xerox PARC, where she is Manager of the
Secure Document Systems group. Prior to joining Xerox, she was Associate
Director of the Computer Science Laboratory at SRI international.
Until August 1998 she was Assistant Director for Distributed Systems in
Defense Advanced Research Projects Agency's (DARPA) Information Technology
Office, where she had oversight of programs on distributed computing, secure
networking, information survivability, adaptive systems, and software-enabled
control. She also developed and managed DARPA's Information Survivability
program, was instrumental in the development of DARPA's Information Assurance
program, and developed a new research program called Inherent Survivability.
Prior to her four years at DARPA, she was Program Director for Secure Systems
at SRI International, where she led the development of the SeaView multilevel
secure database system, the NIDES intrusion-detection system, the DISSECT
tool to detect inferences of highly sensitive information from less sensitive
information, and a system for semantic interoperability of secure databases.

Customers' increasing need
for secure software products is causing many software vendors to change
their development processes. Where vendors previously delivered static
products at discrete intervals, many now constantly monitor their already-shipped
products for reported security vulnerabilities, and provide security patches
in real time. Microsoft has had such a process in place for over
a year. This talk will discuss the process - what has worked and
what hasn't worked - and will be of interest both to vendors and customers.

Scott
Culp is a Security Product Manager at Microsoft for Windows NT Server.
He is the "voice" behind Secure@Microsoft.Com, Microsoft's email alias
for reporting security vulnerabilities in Microsoft products.

John Davis, Director, NCSC, Will
Ozier, Nebel, and Migues

Panel Discussion - Introduction
to the White Hat Track, overview of security challenges from the inside.

Padgett Peterson, Corporate Information
Security.

Overlooked Local Attack Techniques

Those few companies that
take information security seriously are often bewildered by the incredible
array of tools and pseudo-tools available for analysis. Penetration testing
and internet scanners are very popular yet are based on attack tools. These
do not make use of the "home team advantage" of very fast response and
the ability to examine the machines directly. This talk will describe some
of those local techniques which are often overlooked.

A registered
professional engineer and graduate of the General Motors Institiute, I
have been involved with digital computers, communications, and cryptography
for over thirty years. Became involved with viruses in 1988 and information
security has been my day job since 1990. Have written a number of anti-virus
programs (DiskSecure and MacroList) which are given away as FreeWare. Am
currently the Chief Information Protection Architect for Lockheed-Martin
Corporation.

Lori
is the Director of Professional Services in the Vienna, VA office of Secure
Computing Corporation. Her background in Information Systems Security
includes program management and support addressing network and telecommunications
security, training, policy development and implementation, risk management
planning and execution, and associated sub-disciplines including telecommunications,
physical, operations and personnel security. She is the former Chief
of Technical Security for an Army installation and has provided consulting
and assessment services for numerous federal, DoD and commercial organizations.
She was a participant in the National Defense Industrial Association Special
Study for the Secretary of Defense on Outsourcing of DoD Red Teaming Activities.
She has been a featured speaker before the NSA Security Proof of Concept
Keystone, the Department of Defense Security Institute, and a variety of
commercial and defense groups. She brings a realistic „in the trenchesš
approach and perspective to facilitating integration of technical, managerial
and operational elements of information systems security programs.